ref: 94f23734015424515144b54f0a9f9d6c9d2f34c2
parent: b843da74b79d585a30bd2b3f13e7c63d105baf94
author: Roberto E. Vargas Caballero <k0ga@shike2.com>
date: Mon May 16 07:43:29 EDT 2022
libc: Correct time zone copy in strftime() Time zone are longer than 3 characters some times, and the code was not checking the pending size in the buffer and it could drive to buffer overflow problems.
--- a/src/libc/time/strftime.c
+++ b/src/libc/time/strftime.c
@@ -293,8 +293,13 @@
inc = timezone(s, n, timeptr);
break;
case 'Z':
- memcpy(s, timeptr->tm_zone, 3);
- inc = 3;
+ inc = strlen(timeptr->tm_zone);
+ if (inc > n) {+ *s = '?';
+ inc = 1;
+ } else {+ memcpy(s, timeptr->tm_zone, inc);
+ }
break;
case '\0':
inc = 0;